Microsoft Defender was flagging Google Chrome updates as "suspicious", again


Earlier today, system administrators on Reddit, among other places, started reporting (1, 2) that Google Chrome updates were being flagged as "suspicious" by Microsoft Defender for Endpoint. Apparently, Microsoft's security solution considered the "goopdate" DLL file suspicious because it wasn't signed by the Google Updater service (GoogleUpdate.exe).

As you can see in the image below, Twitter user Kevin Gray noticed the following activity on Defender's end when running the Google Chrome updates:

Defender flagging Google update as malware

Microsoft appears to have confirmed that the finding was indeed a false positive and has since resolved the bug, according to MVP Ota Hirufumi on Twitter.

While Microsoft Defender for Home has generally performed quite well in the recent anti-virus rankings for AV-Comparatives and AV-TEST, the enterprise variant of the product has had many instances where it has flagged genuinely harmless files and services as malicious.

For example, in February last year, the same thing happened when Defender for Endpoint thought Chrome updates were malicious; and very recently, it even wrongly flagged its own Office updates as malware.

Following that incident, Microsoft published guidance on false positives/negatives to reduce such errors, but the move doesn't seem to have helped much yet.

via BleepingComputer
